A Cyber Resilience Recovery Model to Combat Zero-Day Malware Attacks

Cyber infrastructure, which provides support services for communications, transportation, financial and medical institutions, education, and government, has increased rapidly over the past decade to accommodate a worldwide information technology growth. Cyber infrastructure provides services to support communications, transportation, finance institutions, education, medical institutions, and government. Along with this growth, cyber attacks have increased in both frequency and sophistication. These attacks are usually launched against individuals, corporations, and government agencies with the aim of gaining personal and sensitive information, such as trade secrets and those pertaining to national security. Cyber criminals constantly devise innovative means to get malware onto computers and networks (Tran et al. 2016; Bilge and Dumitras 2012; Chen 2003). Phishing is one of the most common attack vectors and is based on specific attributes of human decision-making, known as cognitive biases. Sophisticated phishing attacks usually carry zero-day malware, which are more destructive and more difficult to detect than known signature-based malware (Tran et al. 2016). The objective of this dissertation is to present the implementation of an epidemiological model to combat a zero-day outbreak within a closed network. The author's Cyber Resilience Recovery Model (CRRM) is used to dynamically combat the simulated outbreak and minimize disruptions to business operations. CRRM combines the National Institute of Standards and Technology Special Publication 800-61 incident response life cycle framework (Cichonski and Scarfone 2012) and the Susceptible-Infected-Quarantined-Recovered (SIQR) (Sterman 2000) epidemiological model. It provides insights into the strengths and weaknesses of current response and recovery processes and presents possible solutions for addressing changing cybersecurity threats. Evaluation results demonstrate that CRRM accurately simulates zero-day malware outbreaks on a network and has the potential to serve as a valuable tool to support decision-making and technological investments that improve cyber resilience (Tran et al. 2016). CRRM was designed to successfully handle, or thwart, active attacks as well as to evaluate the effectiveness of different defense configurations (Tran et al. 2016).